Jason Crampton (2004) On the satisfiability of constraints in workflow systems.
Full text access: Open
Separation of duty and binding of duty in workflow systems is an important area of current research in computer security. We introduce a formal model for constrained workflow systems that incorporate constraints for implementing such policies. We define an entailment constraint, which is defined on a pair of tasks in a work flow, and show that such constraints can be used to model many familiar authorization policies. We show that a set of entailment constraints can be manipulated algebraically in order to compute all possible dependencies between tasks in the workflow. The resulting set of constraints form the basis for an analysis of the satisfiability of a workflow. We briefly consider how this analysis can be used to implement a reference monitor for workflow systems.
This is a Published version This version's date is: 24/05/2004 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/effc2842-bd92-e432-cfa7-ff56667eac9b/1/
Deposited by () on 13-Jul-2010 in Royal Holloway Research Online.Last modified on 10-Dec-2010
[1] G.-J. Ahn, R. Sandhu, M.H. Kang, and J.S. Park. Injecting RBAC to secure a webbased workflow system. In Proceedings of the 5th ACM Workshop on Role-BasedAccess Control, pages 1–10, 2000.
[2] V. Atluri and W. Huang. An authorization model for workflows. In Proceedings of the 4th European Symposium on Research in Computer Security, pages 44–64, 1996.
[3] E. Bertino, E. Ferrari, and V. Atluri. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1):65–104, 1999.
[4] R.A. Botha and J.H.P. Eloff. Separation of duties for access control enforcement in workflow environments. IBM Systems Journal, 40(3):666–682, 2001.
[5] G. Brightwell and P. Winkler. Counting linear extensions. Order, 8:225–242, 1991.
[6] Burroughs. Work Flow Management User’s Guide, 1973. Burroughs Manual 5000714.
[7] F. Casati, S. Castano, and M. Fugini. Managing workflow authorization constraints through active database technology. Information Systems Frontiers, 3(3):319–338,2001. Technical Report HPL-2000-156, Hewlett Packard Laboratories.
[8] T. Jaeger and J. Tidswell. Practical safety in flexible access control models. ACM Transactions on Information and System Security, 4(2):158–190, 2001.
[9] K. Knorr and H. Stormer. Modeling and analyzing separation of duties in work-flow environments. In Trusted Information: The New Decade Challenge, IFIP TC11Sixteenth Annual Working Conference on Information Security, pages 199–212, 2001.
[10] D.E. Knuth. The Art of Computer Programming: Fundamental Algorithms. Addison Wesley, Reading, Massachusetts, 2nd edition, 1973.
[11] R.D. Maddux. Introductory course on relation algebras, finite-dimensional cylindric algebras, and their interconnections. In H. Andr´eka, J.D. Monk, and I. N´emeti, editors,Algebraic Logic, volume 54 of Colloquia Mathematica Societatis J´anos Bolyai. J´anos Bolyai Mathematical Society and Elsevier Science Publishers B.V., Amsterdam, 1991.
[12] G. Pruesse and F. Ruskey. Generating linear extensions fast. SIAM Journal on Computing, 23(2):373–386, 1994.
[13] F. Ruskey. Personal communication. 2004.
[14] J. Wainer, P. Barthelmess, and A. Kumar. W-RBAC – A workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems, 12(4):455–486, 2003.